Towards the application of recommender systems to secure coding


Bibliographic Details
Main Authors: Fitzroy D. Nembhard, Marco M. Carvalho, Thomas C. Eskridge
Format: Article
Language: English
Published: SpringerOpen 2019-06-01
Series: EURASIP Journal on Information Security
Online Access: http://link.springer.com/article/10.1186/s13635-019-0092-4
ISSN: 2510-523X

Abstract: Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.

Subjects: Secure coding; Vulnerability detection; Code analysis; Data mining; Secure systems; Intellisense